{"vulnerability": "cve-2025-4654", "sightings": [{"uuid": "f39917bb-2903-4c6e-a7cf-838f9181699e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-4654", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lsxu4y5ttm2k", "content": "", "creation_timestamp": "2025-07-02T09:02:40.462714Z"}, {"uuid": "9e0830ef-aa95-4d15-a2d8-f2edfdf934ad", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-46548", "type": "seen", "source": "https://seclists.org/oss-sec/2025/q2/202", "content": "", "creation_timestamp": "2025-06-03T13:46:03.000000Z"}, {"uuid": "1a93859a-1a11-4d3f-b3b5-964c85e8cfbb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-46545", "type": "seen", "source": "https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3lnmdotkurin2", "content": "", "creation_timestamp": "2025-04-25T04:04:39.594068Z"}, {"uuid": "dca33367-348a-4a3c-94b2-4217b9511efc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-46547", "type": "seen", "source": "https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3lnmdowftehn2", "content": "", "creation_timestamp": "2025-04-25T04:04:40.215661Z"}, {"uuid": "5f1a84f5-6b76-42d0-905a-db5e4c4f764a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-46544", "type": "seen", "source": "https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3lnmdotlxnjr2", "content": "", "creation_timestamp": "2025-04-25T04:04:40.827977Z"}, {"uuid": "f2fd5381-11d1-4ae2-93a4-be0d6949c14d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-46546", "type": "seen", "source": "https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3lnmdoxjvfxr2", "content": "", "creation_timestamp": "2025-04-25T04:04:41.515799Z"}, {"uuid": "98614e8b-d197-43c6-9d87-bae62d100378", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-46547", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lnmibfp2ff2y", "content": "", "creation_timestamp": "2025-04-25T05:25:08.849236Z"}, {"uuid": "5b901ceb-345b-4f42-8382-5f9a1e3f1aaa", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-46545", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lnmibfyrnx2h", "content": "", "creation_timestamp": "2025-04-25T05:25:09.398834Z"}, {"uuid": "39ef15df-f494-4658-b513-dd06b2c3b9b5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-46544", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lnmibg7ob42b", "content": "", "creation_timestamp": "2025-04-25T05:25:10.541344Z"}, {"uuid": "49163064-02ec-4901-b71a-92eaf99072c0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-46546", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lnmibgdeqg24", "content": "", "creation_timestamp": "2025-04-25T05:25:11.111139Z"}, {"uuid": "1182ff52-6f27-4b53-a7a6-416c8e43ecf9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-46549", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lnyhw2nbkw24", "content": "", "creation_timestamp": "2025-04-29T23:50:46.177699Z"}, {"uuid": "8f06f5bc-da33-4e84-852c-0ac2ac50607e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-46548", "type": "seen", "source": "https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3lqpn2wq4soa2", "content": "", "creation_timestamp": "2025-06-03T15:45:49.313240Z"}, {"uuid": "cbcce9e0-f0b7-4afc-8fee-7ed5079901bb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-46548", "type": "seen", "source": "https://bsky.app/profile/infosec.skyfleet.blue/post/3lqpoc222742r", "content": "", "creation_timestamp": "2025-06-03T16:06:26.738279Z"}, {"uuid": "f47aa6c3-679c-4cfd-81ae-ccc27e5dabfa", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-46546", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/13368", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-46546\n\ud83d\udd25 CVSS Score: 3.5 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N)\n\ud83d\udd39 Description: In Sherpa Orchestrator 141851, multiple time-based blind SQL injections can be performed by an authenticated user. This affects api/gui/asset/list, /api/gui/files/export/csv/, /api/gui/files/list, /api/gui/process/export/csv, /api/gui/process/export/xlsx, /api/gui/process/listAll, /api/gui/processVersion/export/csv/, /api/gui/processVersion/export/xlsx/, /api/gui/processVersion/list/, /api/gui/robot/list/, /api/gui/task/export/csv/, /api/gui/task/export/xlsx/, and /api/gui/task/list/.\n\ud83d\udccf Published: 2025-04-25T00:00:00.000Z\n\ud83d\udccf Modified: 2025-04-25T02:38:27.087Z\n\ud83d\udd17 References:\n1. https://sherparpa.com\n2. https://twitter.com/ArtyomBrylev\n3. https://deiteriy.com\n4. https://gist.github.com/ArtemBrylev/59b4c0825a988f39a58b79e4e8d2f378", "creation_timestamp": "2025-04-25T03:06:45.000000Z"}, {"uuid": "b5c44902-4963-4edd-9bea-748447529189", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-46549", "type": "confirmed", "source": "https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2025/CVE-2025-46549.yaml", "content": "", "creation_timestamp": "2026-01-11T21:44:47.000000Z"}, {"uuid": "644f47b7-7b73-4072-9c2d-1e2893290a61", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-46549", "type": "seen", "source": "https://bsky.app/profile/beikokucyber.bsky.social/post/3mcfxrjunli23", "content": "", "creation_timestamp": "2026-01-14T21:03:06.134517Z"}, {"uuid": "c8a8d241-3d6a-4873-979d-6cf9d86f4aee", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-46549", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/13928", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-46549\n\ud83d\udd25 CVSS Score: 4.3 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N)\n\ud83d\udd39 Description: YesWiki is a wiki system written in PHP. Prior to version 4.5.4, an attacker can use a reflected cross-site scripting attack to steal cookies from an authenticated user by having them click on a malicious link. Stolen cookies allow the attacker to take over the user\u2019s session. This vulnerability may also allow attackers to deface the website or embed malicious content. This issue has been patched in version 4.5.4.\n\ud83d\udccf Published: 2025-04-29T20:40:26.765Z\n\ud83d\udccf Modified: 2025-04-29T20:40:26.765Z\n\ud83d\udd17 References:\n1. https://github.com/YesWiki/yeswiki/security/advisories/GHSA-r9gv-qffm-xw6f\n2. https://github.com/YesWiki/yeswiki/commit/107d43056adebaa0c731230f9fd010898e88f3f5", "creation_timestamp": "2025-04-29T21:13:31.000000Z"}, {"uuid": "bab46797-cf40-4d45-aff9-082e3782f2e2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-46545", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/13370", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-46545\n\ud83d\udd25 CVSS Score: 4.4 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N)\n\ud83d\udd39 Description: In Sherpa Orchestrator 141851, the functionality for adding or updating licenses allows for stored XSS attacks by an administrator through the name parameter. The XSS payload can execute when the license expires.\n\ud83d\udccf Published: 2025-04-25T00:00:00.000Z\n\ud83d\udccf Modified: 2025-04-25T02:24:23.784Z\n\ud83d\udd17 References:\n1. https://sherparpa.com\n2. https://twitter.com/ArtyomBrylev\n3. https://deiteriy.com\n4. https://gist.github.com/ArtemBrylev/5a0c76285d5fa9daf4ec753034185de7", "creation_timestamp": "2025-04-25T03:06:47.000000Z"}, {"uuid": "ffadc602-c946-437f-ab56-cc5af9577f81", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-46544", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/13369", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-46544\n\ud83d\udd25 CVSS Score: 6.4 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N)\n\ud83d\udd39 Description: In Sherpa Orchestrator 141851, a low-privileged user can elevate their privileges by creating new users and roles.\n\ud83d\udccf Published: 2025-04-25T00:00:00.000Z\n\ud83d\udccf Modified: 2025-04-25T02:29:34.996Z\n\ud83d\udd17 References:\n1. https://sherparpa.com\n2. https://twitter.com/ArtyomBrylev\n3. https://deiteriy.com\n4. https://gist.github.com/ArtemBrylev/a258f920a6556470951c9a483fcf194a", "creation_timestamp": "2025-04-25T03:06:46.000000Z"}, {"uuid": "52642bc8-fa59-474b-ae4d-55e815d47c6f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-46547", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/13371", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-46547\n\ud83d\udd25 CVSS Score: 5.4 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N)\n\ud83d\udd39 Description: In Sherpa Orchestrator 141851, the web application lacks protection against CSRF attacks, with resultant effects of an attacker conducting XSS attacks, adding a new user or role, or exploiting a SQL injection issue.\n\ud83d\udccf Published: 2025-04-25T00:00:00.000Z\n\ud83d\udccf Modified: 2025-04-25T02:19:20.517Z\n\ud83d\udd17 References:\n1. https://sherparpa.com\n2. https://twitter.com/ArtyomBrylev\n3. https://deiteriy.com\n4. https://gist.github.com/ArtemBrylev/9af206c46d7505db03ad6fcd9fc46f7f", "creation_timestamp": "2025-04-25T03:06:48.000000Z"}, {"uuid": "2caf1e1e-b2b8-4955-a700-14c3a40da2ae", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-46542", "type": "seen", "source": "https://t.me/cvedetector/23679", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-46542 - ThemeXpert Xpert Tab Stored Cross-site Scripting\", \n  \"Content\": \"CVE ID : CVE-2025-46542 \nPublished : April 24, 2025, 4:15 p.m. | 17\u00a0minutes ago \nDescription : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeXpert Xpert Tab allows Stored XSS. This issue affects Xpert Tab: from n/a through 1.3. \nSeverity: 6.5 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"24 Apr 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-24T18:55:02.000000Z"}, {"uuid": "18b1063d-24ae-414d-899c-deb39201d528", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-4654", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/20098", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-4654\n\ud83d\udd25 CVSS Score: 3.7 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N)\n\ud83d\udd39 Description: The Soumettre.fr plugin for WordPress is vulnerable to unauthorized access and modification of data due to a improper authorization checks on the make_signature function in all versions up to, and including, 2.1.5. This makes it possible for unauthenticated attackers to create/edit/delete Soumettre posts. This vulnerability affects only installations where the soumettre account is not connected (i.e. API key is not installed)\n\ud83d\udccf Published: 2025-07-02T03:47:24.306Z\n\ud83d\udccf Modified: 2025-07-02T03:47:24.306Z\n\ud83d\udd17 References:\n1. https://www.wordfence.com/threat-intel/vulnerabilities/id/4f29d476-0730-437c-8065-309523278efa?source=cve\n2. https://plugins.trac.wordpress.org/browser/soumettre-fr/tags/2.1.5/public/rest/class-soumettre-rest-route.php#L211", "creation_timestamp": "2025-07-02T04:12:22.000000Z"}, {"uuid": "2b422513-7303-40cf-8f71-daac6516619f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-46543", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/16899", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-46543\n\ud83d\udd25 CVSS Score: 6.5 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L)\n\ud83d\udd39 Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Charly Leetham Enhanced Paypal Shortcodes allows Stored XSS.This issue affects Enhanced Paypal Shortcodes: from n/a through 0.5a.\n\ud83d\udccf Published: 2025-05-19T17:04:06.073Z\n\ud83d\udccf Modified: 2025-05-19T17:04:06.073Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/enhanced-paypal-shortcodes/vulnerability/wordpress-enhanced-paypal-shortcodes-plugin-0-5a-cross-site-scripting-xss-vulnerability?_s_id=cve", "creation_timestamp": "2025-05-19T17:39:10.000000Z"}, {"uuid": "d6a3dbc8-5990-470e-bba1-b193e511c6a9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-46548", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/18125", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-46548\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: If you enable Basic Authentication in Pekko Management using the Java DSL, the authenticator may not be properly applied.\n\n\nUsers that rely on authentication instead of making sure the Management API ports are only available to trusted users are recommended to upgrade to version 1.1.1, which fixes this issue.\n\n\n\n\nAkka was affected by the same issue and has released the fix in version 1.6.1.\n\ud83d\udccf Published: 2025-06-03T14:45:32.890Z\n\ud83d\udccf Modified: 2025-06-11T17:44:23.190Z\n\ud83d\udd17 References:\n1. https://github.com/apache/pekko-management/pull/418\n2. https://github.com/akka/akka-management/pull/1385\n3. https://lists.apache.org/thread/tnd84hj9w0ggjcft6cp12q67d5jzhp66", "creation_timestamp": "2025-06-11T18:35:19.000000Z"}, {"uuid": "724edd42-2f01-4175-9f2f-b6cf216ed007", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-46540", "type": "seen", "source": "https://t.me/cvedetector/23678", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-46540 - Chris Mok GNA Search Shortcode Cross-site Scripting\", \n  \"Content\": \"CVE ID : CVE-2025-46540 \nPublished : April 24, 2025, 4:15 p.m. | 17\u00a0minutes ago \nDescription : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Chris Mok GNA Search Shortcode allows Stored XSS. This issue affects GNA Search Shortcode: from n/a through 0.9.5. \nSeverity: 6.5 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"24 Apr 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-24T18:55:01.000000Z"}, {"uuid": "3b7e07a1-035a-41ff-8142-c41c2171b354", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-46541", "type": "seen", "source": "https://t.me/cvedetector/23676", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-46541 - Elrata WP-reCAPTCHA-bp Cross-site Scripting (XSS)\", \n  \"Content\": \"CVE ID : CVE-2025-46541 \nPublished : April 24, 2025, 4:15 p.m. | 17\u00a0minutes ago \nDescription : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in elrata_ WP-reCAPTCHA-bp allows Stored XSS. This issue affects WP-reCAPTCHA-bp: from n/a through 4.1. \nSeverity: 5.9 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"24 Apr 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-24T18:55:00.000000Z"}, {"uuid": "7f4f4d21-09c4-4498-ba8a-db0f6785f727", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-46544", "type": "seen", "source": "https://t.me/cvedetector/23727", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-46544 - Sherpa Orchestrator Privilege Escalation Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-46544 \nPublished : April 25, 2025, 3:15 a.m. | 1\u00a0hour, 32\u00a0minutes ago \nDescription : In Sherpa Orchestrator 141851, a low-privileged user can elevate their privileges by creating new users and roles. \nSeverity: 6.4 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"25 Apr 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-25T07:28:56.000000Z"}, {"uuid": "46a7a68c-e65c-4fc8-ab5c-6eefb5f16733", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-46546", "type": "seen", "source": "https://t.me/cvedetector/23725", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-46546 - Sherpa Orchestrator Blind SQL Injection Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-46546 \nPublished : April 25, 2025, 3:15 a.m. | 1\u00a0hour, 32\u00a0minutes ago \nDescription : In Sherpa Orchestrator 141851, multiple time-based blind SQL injections can be performed by an authenticated user. This affects api/gui/asset/list, /api/gui/files/export/csv/, /api/gui/files/list, /api/gui/process/export/csv, /api/gui/process/export/xlsx, /api/gui/process/listAll, /api/gui/processVersion/export/csv/, /api/gui/processVersion/export/xlsx/, /api/gui/processVersion/list/, /api/gui/robot/list/, /api/gui/task/export/csv/, /api/gui/task/export/xlsx/, and /api/gui/task/list/. \nSeverity: 3.5 | LOW \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"25 Apr 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-25T07:28:54.000000Z"}, {"uuid": "cb883878-2b59-4cd1-8839-070c3653e015", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-46547", "type": "seen", "source": "https://t.me/cvedetector/23724", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-46547 - Sherpa Orchestrator Cross-Site Request Forgery (XSS, SQL Injection) Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-46547 \nPublished : April 25, 2025, 3:15 a.m. | 1\u00a0hour, 32\u00a0minutes ago \nDescription : In Sherpa Orchestrator 141851, the web application lacks protection against CSRF attacks, with resultant effects of an attacker conducting XSS attacks, adding a new user or role, or exploiting a SQL injection issue. \nSeverity: 5.4 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"25 Apr 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-25T07:28:54.000000Z"}, {"uuid": "4432d3d8-fbe1-491d-9895-81c5b635103b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-46545", "type": "seen", "source": "https://t.me/cvedetector/23723", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-46545 - Sherpa Orchestrator Stored Cross-Site Scripting (XSS) Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-46545 \nPublished : April 25, 2025, 3:15 a.m. | 1\u00a0hour, 32\u00a0minutes ago \nDescription : In Sherpa Orchestrator 141851, the functionality for adding or updating licenses allows for stored XSS attacks by an administrator through the name parameter. The XSS payload can execute when the license expires. \nSeverity: 4.4 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"25 Apr 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-25T07:28:53.000000Z"}, {"uuid": "58d21959-3865-4bc7-b4f1-348a4f1671de", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2025-46549", "type": "published-proof-of-concept", "source": "https://github.com/YesWiki/yeswiki/security/advisories/GHSA-r9gv-qffm-xw6f", "content": "", "creation_timestamp": "2025-04-28T16:52:26.000000Z"}, {"uuid": "bdcc9d95-4753-4429-b319-7fd05bf881ca", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-46549", "type": "seen", "source": "https://t.me/cvedetector/24054", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-46549 - YesWiki Reflected Cross-Site Scripting Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-46549 \nPublished : April 29, 2025, 9:15 p.m. | 1\u00a0hour, 51\u00a0minutes ago \nDescription : YesWiki is a wiki system written in PHP. Prior to version 4.5.4, an attacker can use a reflected cross-site scripting attack to steal cookies from an authenticated user by having them click on a malicious link. Stolen cookies allow the attacker to take over the user\u2019s session. This vulnerability may also allow attackers to deface the website or embed malicious content. This issue has been patched in version 4.5.4. \nSeverity: 4.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"30 Apr 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-30T01:11:53.000000Z"}]}